GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
13 advisories
Filter by severity
Timing attack on django-basic-auth-ip-whitelist
Low
CVE-2020-4071
was published
for
django-basic-auth-ip-whitelist
(pip)
Jun 23, 2020
Timing-Based Username Enumeration Vulnerability in Fides Webserver Authentication
Low
CVE-2024-45052
was published
for
ethyca-fides
(pip)
Sep 4, 2024
vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material
Low
CVE-2024-40640
was published
for
vodozemac
(Rust)
Jul 17, 2024
vantage6 vulnerable to username timing attack
Low
CVE-2024-21671
was published
for
vantage6-server
(pip)
Jan 30, 2024
Non-constant time webhook token comparison in Jenkins GitLab Plugin
Low
CVE-2022-43411
was published
for
org.jenkins-ci.plugins:gitlab-plugin
(Maven)
Oct 19, 2022
Jenkins GitHub plugin uses weak webhook signature function
Low
CVE-2022-36885
was published
for
com.coravy.hudson.plugins.github:github
(Maven)
Jul 28, 2022
Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin
Low
CVE-2022-23106
was published
for
io.jenkins:configuration-as-code
(Maven)
Jan 21, 2022
Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46656
was published
for
igalg.jenkins.plugins:multibranch-scan-webhook-trigger
(Maven)
Oct 25, 2023
Jenkins Gogs Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46657
was published
for
org.jenkins-ci.plugins:gogs-webhook
(Maven)
Oct 25, 2023
Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46658
was published
for
io.jenkins.plugins:teams-webhook-trigger
(Maven)
Oct 25, 2023
Non-constant time webhook token hash comparison in Jenkins Zanata Plugin
Low
CVE-2023-46660
was published
for
org.jenkins-ci.plugins:zanata
(Maven)
Oct 25, 2023
Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin
Low
CVE-2022-43412
was published
for
org.jenkins-ci.plugins:generic-webhook-trigger
(Maven)
Oct 19, 2022
express-basic-auth Timing Attack due to native string comparison instead of constant time string comparison
Low
GHSA-c35v-qwqg-87jc
was published
for
express-basic-auth
(npm)
Jun 6, 2019
ProTip!
Advisories are also available from the
GraphQL API